Add SnapshotSession CRDs (#5)

* Add SnapshotSession CRDs * Add CR descriptions * Address review comments * Address review comments * Remove typo * Remove unnecessary new line
kubernetes · Jul 12, 2023 · 0842a7a · 0842a7a
1 parent 320991b
commit 0842a7a
Showing 1 changed file with 244 additions and 5 deletions.
diff --git a/keps/sig-storage/3314-csi-changed-block-tracking/README.md b/keps/sig-storage/3314-csi-changed-block-tracking/README.md
@@ -807,16 +807,255 @@ The following Kubernetes components are involved at runtime:
 
 ### Custom Resources
 
-@TODO Prasad to provide description and definitions of the CRs
+The following Kubernetes Custom Resources are introduced
+
 #### SnapshotSessionRequest
 
-#### SnapshotServiceConfiguration
+`SnapshotSessionRequest` is a namespace scoped Custom Resource (CR) used to
+request a session for a specific list of snapshots. Once the session is
+created, the session parameters are set in the `status` field of the CR.
+These session parameters are used to establish secure connection to the
+snapshot session service.
+
+The CR `spec` contains the following field:
+
+- `snapshots`: Represents the list of VolumeSnapshot names for which the
+  session is requested.
+
+The CR `status` contains the following fields:
+
+- `caCert`: Specifies (Certificate Authority) certificate used to enable
+  TLS (Transport Layer Security) security for gRPC calls made to the snapshot
+  session service.
+- `error`: Details of the errors if encountered while creating session.
+- `expiryTime`: Specifies the duration of validity for the session. It
+  represents the date and time when the session will expire.
+- `sessionState`: Represents state of the SnapshotSessionRequest. State is
+  defined with one of the "Ready", "Pending" and "Failed".
+- `sessionToken`: An opaque session token used for authentication in gRPC calls
+  made to the snapshot session service.
+- `sessionURL`: Specifies the location of the snapshot session service for
+  making gRPC calls in the format host:port, without the scheme (e.g., http or
+  https).
+
+```yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: snapshotsessionrequests.cbt.storage.k8s.io
+spec:
+  group: cbt.storage.k8s.io
+  names:
+    kind: SnapshotSessionRequest
+    listKind: SnapshotSessionRequestList
+    plural: snapshotsessionrequests
+    singular: snapshotsessionrequest
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: SnapshotSessionRequest is the Schema for the snapshotsessionrequests
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: SnapshotSessionRequestSpec defines the desired state of
+              SnapshotSessionRequest
+            properties:
+              snapshots:
+                description: The list of VolumeSnapshots that can be used in the session
+                items:
+                  type: string
+                type: array
+            type: object
+            required:
+            - snapshots
+          status:
+            description: SnapshotSessionRequestStatus defines the observed state
+              of SnapshotSessionRequest
+            properties:
+              caCert:
+                description: CACert contains a PEM-encoded CA (Certificate Authority) bundle. This CA bundle is used to enable TLS (Transport Layer Security) security for gRPC calls made to the snapshot session service.
+                format: byte
+                type: string
+              error:
+                description: Captures any error encountered
+                type: string
+              expiryTime:
+                description: ExpiryTime specifies the time for which the session is valid
+                format: date-time
+                type: string
+              sessionState:
+                description: State of the SnapshotSessionRequest. One of the "Ready",
+                  "Pending", "Failed"
+                type: string
+              sessionToken:
+                description: Opaque session token used for authentication in gRPC calls made to the snapshot session service.
+                format: byte
+                type: string
+              sessionURL:
+                description: Specifies the IP address or DNS name of the snapshot session service for making TLS gRPC calls. It should be provided in the format host:port, without specifying the scheme (e.g., http or https). The SessionURL is used in conjunction with the SessionToken to query Changed Block metadata by making TLS gRPC calls to the service
+                type: string
+            required:
+            - sessionState
+            type: object
+        type: object
+    served: true
+    storage: true
+```
 
-@TODO NOT NAMESPACED
+#### SnapshotServiceConfiguration
 
-#### SnapshotSessionData
+`SnapshotServiceConfiguration` is a cluster-scoped Custom Resource contains
+parameters used to create a session for a specific CSI driver. To associate
+the SnapshotServiceConfiguration with a specific CSI driver,
+`cbt.storage.k8s.io/driver: NAME_OF_THE_CSI_DRIVER` label is used.
+
+The CR `spec` contains the following fields:
+
+- `address`: Specifies the IP address or DNS name of the snapshot session
+  service for making gRPC calls. It should be provided in the format host:port,
+  without specifying the scheme (e.g., http or https). The SessionURL is used
+  to query Changed Block metadata by making gRPC calls to the service.
+- `caCert`: Specifies the CA certificate is used to enable TLS (Transport Layer
+  Security) security for gRPC calls made to the snapshot session service.
+
+```yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: snapshotservicesconfigurations.cbt.storage.k8s.io
+spec:
+  group: cbt.storage.k8s.io
+  names:
+    kind: SnapshotServicesConfiguration
+    listKind: SnapshotServicesConfigurationList
+    plural: snapshotservicesconfigurations
+    singular: snapshotsessionservice
+  scope: Cluster
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: SnapshotServicesConfiguration is the Schema for the snapshotservicesconfigurations
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: SnapshotServicesConfigurationSpec defines the desired state of
+              SnapshotServicesConfiguration
+            properties:
+              address:
+                description: Specifies the IP address or DNS name of the snapshot session service for making TLS gRPC calls. It should be provided in the format host:port, without specifying the scheme (e.g., http or https). The SessionURL is used to query Changed Block metadata by making TLS gRPC calls to the service
+                type: string
+              caCert:
+                description: CACert contains a PEM-encoded CA (Certificate Authority) bundle. This CA bundle is used to enable TLS (Transport Layer Security) security for gRPC calls made to the snapshot session service.
+                format: byte
+                type: string
+            type: object
+            required:
+              - address
+              - caCert
+        type: object
+    served: true
+    storage: true
+```
 
-@TODO NEED TO DECIDE WHETHER TO EMBED SP IDs OR NOT
+#### SnapshotSessionData 
+
+`SnapshotSessionData` CR is a namespaced resource created within the namespace
+of the CSI driver. The name of the resource represents session token itself.
+The CR provides a structured way to manage session tokens and their
+associations with specific VolumeSnapshots.
+
+The CR `spec` contains the following fields:
+
+- `expiryTime`: Specifies the duration of validity for the session token. It
+  represents the date and time when the session token will expire.
+- `snapshotNamespace`: Indicates the namespace of the VolumeSnapshots
+  associated with the session token.
+- `snapshots`: Represents a list of VolumeSnapshot names for which the session
+  token is valid.
+
+```yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: snapshotsessiondata.cbt.storage.k8s.io
+spec:
+  group: cbt.storage.k8s.io
+  names:
+    kind: SnapshotSessionData
+    listKind: SnapshotSessionDataList
+    plural: snapshotsessiondata
+    singular: snapshotsessiondata
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: SnapshotSessionData is the Schema for the snapshotsessiondata
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: SnapshotSessionDataSpec defines the desired state of SnapshotSessionData
+            properties:
+              expiryTime:
+                description: ExpiryTime specifies the time for which the session is valid
+                format: date-time
+                type: string
+              snapshotNamespace:
+                description: Namespace of the VolumeSnapshot for which the session is created
+                type: string
+              snapshots:
+                description: The list of VolumeSnapshot names for which the session is created
+                items:
+                  type: string
+                type: array
+            required:
+            - expiryTime
+            - snapshotNamespace
+            - snapshots
+            type: object
+        type: object
+    served: true
+    storage: true
+```
 
 ### The Snapshot Session Manager